Home Library Learn Downloads Support Community
Sign in | United States - English | |
7 out of 20 rated this helpful - Rate this topic

JoinDomainOrWorkgroup method of the Win32_ComputerSystem Class

Applies to: desktop apps only

The JoinDomainOrWorkgroup method joins a computer system to a domain or workgroup.

This topic uses Managed Object Format (MOF) syntax. For more information about using this method, see Calling a Method.

Syntax

Copy 
uint32 JoinDomainOrWorkgroup(
  [in]            string Name,
  [in]            string Password,
  [in]            string UserName,
  [in, optional]  string AccountOU,
  [in]            uint32 FJoinOptions = 1
);

Parameters

Name [in]

Specifies the domain or workgroup to join. Cannot be NULL.

Password [in]

If the UserName parameter specifies an account name, the Password parameter must point to the password to use when connecting to the domain controller. Otherwise, this parameter must be NULL.

UserName [in]

Pointer to a constant null-terminated character string that specifies the account name to use when connecting to the domain controller. Must specify a domain NetBIOS name and user account, for example, Domain\user. If this parameter is NULL, the caller information is used.

You can also use the user principal name (UPPED) in the form user@domain.

Windows 2000, Windows NT 4.0, and Windows Me/98/95:  You cannot specify UserName in UPPED format.
AccountOU [in, optional]

Specifies the pointer to a constant null-terminated character string that contains the RFC 1779 format name of the organizational unit (OU) for the computer account. If you specify this parameter, the string must contain a full path, otherwise Accent must be NULL.

Example: "OU=testOU, DC=domain, DC=Domain, DC=com"

FJoinOptions [in]

Set of bit flags that define the join options.

ValueMeaning
1 (0x1)

Default. Joins a computer to a domain. If this value is not specified, the join is a computer to a workgroup.

2 (0x2)

Creates an account on a domain.

4 (0x4)

Deletes an account when a domain exists.

16 (0x10)

The join operation is part of an upgrade from Windows 98 or Windows 95 to Windows 2000 or Windows NT.

32 (0x20)

Allows a join to a new domain, even if the computer is already joined to a domain.

64 (0x40)

Performs an unsecured join.

128 (0x80)

The machine, not the user, password passed. This option is only valid for unsecure joins.

256 (0x100)

Writing SPN and DnsHostName attributes on the computer object should be deferred until the rename that follows the join.

262144 (0x40000)

The APIs were invoked during install.

 

Return value

Return code/valueDescription
0

Success

WBEM_E_ENCRYPTED_CONNECTION_REQUIRED
0x80041087

Password and UserName are specified but the authentication level is not RPC_C_AUTHN_LEVEL_PKT_PRIVACY. For Visual Basic, wbemErrEncryptedConnectionRequired is returned.

 

Remarks

When moving a computer from a domain to a workgroup, you must remove the computer from the domain before calling this method to join a workgroup. After calling this method, restart the affected computer to apply the changes.

UserName and Password can be left null. However, the authentication of the connection to WMI must be 6 in script or WbemAuthenticationLevelPktPrivacy in Visual Basic and other languages that can use the wbemdisp.dll library. For more information, see Setting the Default Process Security Level Using VBScript.

In C++, set the authentication at RPC_C_AUTHN_LEVEL_PKT_PRIVACY either in CoInitializeSecurity, for the entire process, or in CoSetProxyBlanket, for a connection to the IWbemServices proxy. For more information, see Setting Authentication Using C++ and Setting the Security on IWbemServices and Other Proxies.

Examples

For script code examples, see WMI Tasks for Scripts and Applications and the TechNet ScriptCenter Script Repository.

For C++ code examples, see WMI C++ Application Examples.

The following VBScript code example joins a computer to a domain and creates the computer's account in Active Directory.

VB
Copy 
Const JOIN_DOMAIN             = 1
Const ACCT_CREATE             = 2
Const ACCT_DELETE             = 4
Const WIN9X_UPGRADE           = 16
Const DOMAIN_JOIN_IF_JOINED   = 32
Const JOIN_UNSECURE           = 64
Const MACHINE_PASSWORD_PASSED = 128
Const DEFERRED_SPN_SET        = 256
Const INSTALL_INVOCATION      = 262144
strDomain   = "FABRIKAM"
strPassword = "ls4k5ywA"
strUser     = "shenalan"
Set objNetwork = CreateObject("WScript.Network")
strComputer = objNetwork.ComputerName
Set objComputer = _
    GetObject("winmgmts:{impersonationLevel=Impersonate}!\\" & _
    strComputer & "\root\cimv2:Win32_ComputerSystem.Name='" _
    & strComputer & "'")
ReturnValue = objComputer.JoinDomainOrWorkGroup(strDomain, _
    strPassword, _
    strDomain & "\" & strUser, _
    NULL, _
    JOIN_DOMAIN + ACCT_CREATE)

Requirements

Minimum supported client

Windows XP

Minimum supported server

Windows Server 2003

Namespace

\root\CIMV2

MOF
Cimwin32.mof

DLL
Cimwin32.dll

See also

Win32_ComputerSystem

 

 

Send comments about this topic to Microsoft

Build date: 3/9/2012

Did you find this helpful?
(1500 characters remaining)
Community Content Add
Annotations FAQ
Denied Access
If you use a script to join a domain at computer startup, you may receive an error 5 Denied Access. I think this is due to incomplete network configuration. In order to avoid this error, think to retry the command with a do while and a counter (to avoid infinite loop) something like this : domain=1 count=1 Do While (count<10 And domain <>0) domain=objComputer.JoinDomainOrWorkGroup(strDomain, strPassword, strDomain & "\" & strUser, strOU, JOIN_DOMAIN + ACCT_CREATE) count=count+1 loop
History
Adding to Workgroup
<i>"When moving a computer from a domain to a workgroup, you must remove the computer from the domain before calling this method to join a workgroup. After calling this method, restart the affected computer to apply the changes."</i> <br><br> The above is from Remarks section in this article. What might be unclear to some people is that you need to call <b>UnJoinDomainOrWorkgroup</b> to remove from the domain, then call <b>JoinDomainOrWorkgroup</b> to join the workgroup. <br><br> Here is an example for removing from a domain. <i>Note: This removes the PC from the domain, but the workstation object remains disabled in the OU. I have not found an option that deletes the workstation object with this call. </i> <br><br> wmic.exe /interactive:off ComputerSystem Where "Name = '%computername%'" Call UnJoinDomainOrWorkgroup UserName="admin@mydomain.com" Password="xyz" FUnjoinOptions=2
History
How to unjoin the domain and join a WORKGROUP?
Now the computer belongs to domain "C999", I tryed the command bellow to unjoin domain "C999" ;
wmic computersystem where name!=null call joindomainorworkgroup name="WORKGROUP" password="domainpass" username="domainadmin"

the ReturnValue of the command is 2691 that means already joins a domain.

How to join a WORKGROUP by this command?
History
Syntax
Big thanks to Jasen on this one!

Just to reiterate, as Jasen pointed out, the syntax for the AccountOU parameter requires semicolons as delimiters, not commas as in the example. 

strOU = "OU=testOU; DC=domain; DC=Domain; DC=com"

ReturnValue = objComputer.JoinDomainOrWorkGroup (Domain, _
                                               Password, _
                                               Domain & "\" & Username, _
strOU, _
                                               JOIN_DOMAIN + ACCT_CREATE)

Obviously, using commas will give you a ReturnValue of 87 which is the "The parameter is incorrect" System Error.


        

        

            History
        

        
        

        
        

        

             

             
               
                
            

            
            
        

        
    

    




    
    

      
      

              wmic.exe - cool command line wmi tool 
                
        
 
        

            
I spent days trying to figure out how to use wmic.exe to join the domain. The biggest key was figuring out the syntax as there are a couple of different ways to do it. Importantly, if you specify the AccountOU, you must use the DN as mentioned above. What it fails to mention is that WMIC uses commas (,) to separate paramaters and will cause WMIC to fail. You must use semicolons (;) in your DN instead. 

Example: "OU=testOU; DC=domain; DC=Domain; DC=com" 

Command Line examples


    
  
  1. wmic.exe /interactive:off ComputerSystem Where "name = '%computername%'" call JoinDomainOrWorkgroup AccountOU="OU=XP Workstations;DC=my;DC=domain;DC=com" FJoinOptions=1 Name="my.domain.com" Password="xyz" UserName="admin@my.domain.com" 

  2. wmic.exe /interactive:off ComputerSystem Where "name = '%computername%'" call JoinDomainOrWorkgroup "OU=XP Workstations;DC=my;DC=domain;DC=com", 1, "my.domain.com", "xyz", "admin@my.domain.com" 
    3. 



Both work, but the first one is easier to edit and the parameters can be in a different order.

        

        

            History
        

        
        

        
        

        

             

             
               
                
            

            
            
              

                          
              
              

            
        

        
    

    




    
    

      
      

              Error message listing 
                
        
 
        

            Hi, The error codes are Windows system error codes,


        

        

            History
        

        
        

        
        

        

             

             
               
                
            

            
            
        

        
    

    




    
    

      
      

              Error message listing 
                
        
 
        

            Not sure why, but this article doesn't tell you about the error return values. This one does, and the constants are repeated below:

http://cwashington.netreach.net/depo/view.asp?Index=877&ScriptType=vbscript

Select Case varErrorNumber
Case 5 strErrorDescription = "Access is denied"
Case 87 strErrorDescription = "The parameter is incorrect"
Case 110 strErrorDescription = "The system cannot open the specified object"
Case 1323 strErrorDescription = "Unable to update the password"
Case 1326 strErrorDescription = "Logon failure: unknown username or bad password"
Case 1355 strErrorDescription = "The specified domain either does not exist or could not be contacted"
Case 2224 strErrorDescription = "The account already exists"
Case 2691 strErrorDescription = "The machine is already joined to the domain"
Case 2692 strErrorDescription = "The machine is not currently joined to a domain"
End Select

        

        

            History
        

        
        

        
        

        

             

             
               
                
            

            
            
              

                          
              
              

            
        

        
    

    




    
    

      
      

              Option to join client/server to an AD domain through an RODC 
                
        
 
        

            
Value = 2048 (0x800)


Const NETSETUP_JOIN_READONLY = 2048


This option allows a client/server to join an AD domain through an RODC. Prerequisite is that the computer account for that client/server must be precreated in the AD domain and configured in a way the password is allowed to replocate to the RODC. A blog post about this can be found at: http://blogs.dirteam.com/blogs/jorge/. The exact URL for that blog post is: http://blogs.dirteam.com/blogs/jorge/archive/2009/01/01/domain-join-through-an-rodc-instead-of-an-rwdc.aspx


Cheers,


Jorge

        

        

            History
        

        
        

        
        

        

             

             
               
                
            

            
            
              

                          
              
              

            
        

        
    

    




    
    

      
      

              Return Code 234 received 
                
        
 
        

            
Hi. 
After using 




Set objComputer = GetObject("winmgmts:{impersonationLevel=Impersonate}!\\" & strComputer & "\root\cimv2:Win32_ComputerSystem.Name='" &  strComputer & "'")


WScript.Sleep 1000


If Err.Number <> 0 Then
 Logger "DomainJoin","Binding to local objComputer not successful " & Err.Number & " " & Err.Description, "Phase 3", "WARN", 1
 Err.Clear
End If


ReturnValue = objComputer.JoinDomainOrWorkGroup (Domain, _
                                               Password, _
                                               Domain & "\" & Username, _
                                               OU, _
                                               JOIN_DOMAIN + ACCT_CREATE)


Logger "DomainJoin","Domain join state: " & ReturnValue, "Phase 3", "INFO", 1


WScript.Sleep 5000






i get a returncode 234. What does ist mean? Creating and joining manually will be done correct.




Bye Thomas

        

        

            History